A Fortinet, a global cybersecurity company, identified 314.8 billion malicious activities targeting Brazil in the first half of 2025. The data is part of the Global Threat Landscape Report produced by FortiGuard Labs, the company’s threat intelligence laboratory. The study analyzed cyber behavior in Latin America and Canada during the period, detecting over 374 billion attack attempts—84% of which were directed at Brazil. To a lesser extent, Mexico (10.8%), Colombia (1.89%), and Chile (0.1%) complete the list of the most affected countries in the region.
The report was presented during the Fortinet Cybersecurity Summit Brazil 2025 (FCS 2025), one of Latin America’s largest cybersecurity events. On that occasion, it was revealed that Brazil also recorded 41.9 million malware distribution activities—software designed to cause harm or gain unauthorized access to computer systems—and 52 million botnet-related actions, which can enable remote control of infected devices.
“By presenting the key cyber threat data for Latin America and Canada at FCS 2025, we reinforce our commitment to transparency, collaboration, and market preparedness against digital risks. Transforming data into strategic knowledge is the first step toward creating a more mature and effective security culture in Brazil,” comments Frederico Tostes, Country Manager of Fortinet Brazil.
The study considers the cyber kill chain model, which analyzes each stage of an attack—from reconnaissance to final execution. In Brazil, the main vectors detected include 1 billion brute-force attacks and 2.4 billion vulnerability exploitation attempts. In the reconnaissance phase, 2 billion active scans were detected. In the delivery phase, there were 4 million drive-by download attempts (unintentional software downloads) and 662 thousand malicious Office files.
In the installation phase, 12 million trojans—malware disguised as legitimate software to deceive users—and 67 thousand unauthorized cryptocurrency mining attempts (CryptoMiner) stood out. In the final phase of action and objectives, the country recorded 309 billion denial-of-service (DDoS) attempts and 28.1 thousand ransomware incidents—malware that encrypts victims’ data and demands a ransom to restore access.
According to Alexandre Bonatti, VP of Engineering at Fortinet Brazil, another highlight of the report is the focus of threats on the impact phase. ‘In Brazil, 98.11% of identified malicious activities are directly linked to final impact actions. Only 1.01% correspond to the initial access stage. This indicates a scenario of increasingly targeted, fast-moving attacks aimed at disruption or extortion. In this context, attention should not only be on preventing the attack but also on how to respond to and quickly contain its effects,’ analyzes the executive.
Frederico Tostes notes that the increasing complexity and volume of attacks reinforce the urgency for integrated, proactive, and continuous cybersecurity strategies. ‘By releasing this report during FCS 2025, we reiterate Fortinet’s commitment to supporting businesses and institutions in protecting their digital assets, based on global intelligence and cutting-edge technology.’
Fortinet structures its threat intelligence efforts around a continuous cycle composed of six stages: targeting, collection, processing, analysis, dissemination, and feedback. This approach ensures rapid and sustained responses to emerging threats, with real-time updates for its systems and clients.
Digital risk: 314 billion malicious activities detected in Brazil in the first half of 2025
